Exemple #1
        // Scenario: the user is never given any MFA subscription, so AuthorizeAccess for the
        // "Login" action with a null MFA code is expected to report success (Item1 == true).
        // NOTE(review): this pins the only path in these tests where access is granted without an
        // MFA code; the boolean passed to MockPersistenceRepository is not explained by this
        // listing - confirm its meaning against the mock.
        public void MfaAuthorizationNotSubscribedTest_TestsIfResultIsTrueWhenMfaIsNotSubscribedForAnyAction_VerifiesByReturnValue()
        {
            // Collaborators are all in-memory mocks.
            var persistence   = new MockPersistenceRepository(true);
            var users         = new MockUserRepository();
            var emailSender   = new MockMfaEmailService();
            var smsSender     = new MockSmsService();
            var codeGenerator = new MockMfaCodeGenerationService();

            // Fixture account; AssignMfaSubscriptions is deliberately not called on it.
            User account = new User("******", "asdf", "12345", "xyz", "*****@*****.**", Language.English,
                                    TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now,
                                    "Pakistan", "", "2233344", "1234");

            var securityKeys = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Register the API key for the account, then the account itself, with the mocks.
            securityKeys.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
            users.AddUser(account);

            var service = new MfaAuthorizationService(persistence, users, securityKeys,
                                                      smsSender, emailSender, codeGenerator);

            // No code supplied (null) and no subscription: the call should be authorized.
            var outcome = service.AuthorizeAccess(apiKey, "Login", null);

            Assert.IsTrue(outcome.Item1);
        }
        // Scenario: same expectation as the mock-based "not subscribed" case, but wired through the
        // objects registered in the application context: a saved user with no MFA subscription is
        // authorized for MfaConstants.Deposit when an empty-string code is passed.
        // NOTE(review): the user and key pair are written through persistenceRepository; any
        // cleanup between tests is not visible in this listing.
        public void MfaAuthorizationSuccessfulTest_ChecksThatServiceReturnsTrueIfNoMfaSubscriptionIsSubscribed_VerifiesThroughReturnsValue()
        {
            // Resolve every collaborator from the shared context.
            var context = ContextRegistry.GetContext();
            var persistenceRepository      = (IIdentityAccessPersistenceRepository)context["IdentityAccessPersistenceRepository"];
            var userRepository             = (IUserRepository)context["UserRepository"];
            var securityKeysPairRepository = (ISecurityKeysRepository)context["SecurityKeysPairRepository"];
            var smsSender                  = (IMfaCodeSenderService)context["MfaSmsService"];
            var emailSender                = (IMfaCodeSenderService)context["MfaEmailService"];
            var codeGenerator              = (IMfaCodeGenerationService)context["MfaCodeGenerationService"];

            IMfaAuthorizationService service = new MfaAuthorizationService(
                persistenceRepository, userRepository, securityKeysPairRepository,
                smsSender, emailSender, codeGenerator);

            string userName = "******";
            string apiKey   = "123";

            // Persist the fixture user, then read it back so the stored identifier is used below.
            User account = new User(userName, "asdf", "12345", "xyz", "*****@*****.**", Language.English,
                                    TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now,
                                    "Pakistan", "", "2233344", "1234");
            persistenceRepository.SaveUpdate(account);

            account = userRepository.GetUserByUserName(userName);
            Assert.IsNotNull(account);

            // Attach an API key to the stored user.
            persistenceRepository.SaveUpdate(new SecurityKeysPair(account.Id, apiKey, "secret123", true, "#1"));

            // Empty code and no subscription: the deposit action should be authorized.
            var outcome = service.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");

            Assert.IsTrue(outcome.Item1);
        }
        // Scenario (context-wired): authorization succeeds while the user has no MFA subscription,
        // and is refused once every available subscription is enabled and the caller supplies
        // either no code or a code that differs from the generated one.
        // NOTE(review): the method name says "ReturnsTrue", but both mismatch checks assert false;
        // the assertions are the contract. Every post-subscription assertion here is a refusal, so
        // this test alone would also pass if the service rejected all codes - a companion case
        // with the correct code is needed to pin the accept path.
        public void MfaAuthorizationFailTest_ChecksThatServiceReturnsTrueIfMfaCodesDontMatch_VerifiesThroughReturnsValue()
        {
            // Resolve every collaborator from the shared context.
            var context = ContextRegistry.GetContext();
            var persistenceRepository      = (IIdentityAccessPersistenceRepository)context["IdentityAccessPersistenceRepository"];
            var userRepository             = (IUserRepository)context["UserRepository"];
            var securityKeysPairRepository = (ISecurityKeysRepository)context["SecurityKeysPairRepository"];
            var smsSender                  = (IMfaCodeSenderService)context["MfaSmsService"];
            var emailSender                = (IMfaCodeSenderService)context["MfaEmailService"];
            var codeGenerator              = (IMfaCodeGenerationService)context["MfaCodeGenerationService"];
            var subscriptionRepository     = (IMfaSubscriptionRepository)context["MfaSubscriptionRepository"];

            IMfaAuthorizationService service = new MfaAuthorizationService(
                persistenceRepository, userRepository, securityKeysPairRepository,
                smsSender, emailSender, codeGenerator);

            string userName = "******";
            string apiKey   = "123";

            // Persist the fixture user, then read it back so the stored identifier is used below.
            User account = new User(userName, "asdf", "12345", "xyz", "*****@*****.**", Language.English,
                                    TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now,
                                    "Pakistan", "", "2233344", "1234");
            persistenceRepository.SaveUpdate(account);

            account = userRepository.GetUserByUserName(userName);
            Assert.IsNotNull(account);

            persistenceRepository.SaveUpdate(new SecurityKeysPair(account.Id, apiKey, "secret123", true, "#1"));

            // Baseline: with no subscription yet, an empty code is accepted.
            var outcome = service.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");
            Assert.IsTrue(outcome.Item1);

            // Enable every subscription the repository knows about for this user.
            IList<Tuple<string, string, bool>> enabledSubscriptions = new List<Tuple<string, string, bool>>();
            foreach (var available in subscriptionRepository.GetAllSubscriptions())
            {
                var entry = new Tuple<string, string, bool>(available.MfaSubscriptionId,
                                                            available.MfaSubscriptionName, true);
                enabledSubscriptions.Add(entry);
            }
            account.AssignMfaSubscriptions(enabledSubscriptions);
            persistenceRepository.SaveUpdate(account);

            // Subscribed, no code supplied: refused.
            outcome = service.AuthorizeAccess(apiKey, MfaConstants.Deposit, null);
            Assert.IsFalse(outcome.Item1);

            // The stub generator always returns the same MFA code, so appending a character
            // produces a value that is guaranteed to be wrong.
            string wrongCode = codeGenerator.GenerateCode() + "1";

            // Subscribed, wrong code supplied: refused.
            outcome = service.AuthorizeAccess(apiKey, MfaConstants.Deposit, wrongCode);
            Assert.IsFalse(outcome.Item1);
        }
Exemple #4
        // Scenario: the user is subscribed to MFA for Login, Deposit, Withdraw, PlaceOrder and
        // CancelOrder; a first Login authorization attempt that carries no MFA code (null) must be
        // refused (Item1 == false).
        // Only that first, code-less attempt is exercised here; no follow-up call with a code is made.
        public void MfaAuthorizationSubscribedFailsTest_ChecksThatResponseIsFalseWhenMfaCodeIsNotPresent_VerifiesByReturnValue()
        {
            // Collaborators are all in-memory mocks.
            var persistence   = new MockPersistenceRepository(false);
            var users         = new MockUserRepository();
            var emailSender   = new MockMfaEmailService();
            var smsSender     = new MockSmsService();
            var codeGenerator = new MockMfaCodeGenerationService();

            User account = new User("******", "asdf", "12345", "xyz", "*****@*****.**", Language.English,
                                    TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now,
                                    "Pakistan", "", "2233344", "1234");

            // Each tuple is (subscription id, subscription name, enabled flag).
            var loginSubscription = new Tuple<string, string, bool>("LOG", "Login", true);
            IList<Tuple<string, string, bool>> subscriptions = new List<Tuple<string, string, bool>>
            {
                loginSubscription,
                new Tuple<string, string, bool>("DEP", "Deposit", true),
                new Tuple<string, string, bool>("WD", "Withdraw", true),
                new Tuple<string, string, bool>("PO", "PlaceOrder", true),
                new Tuple<string, string, bool>("CO", "CancelOrder", true)
            };
            account.AssignMfaSubscriptions(subscriptions);

            var securityKeys = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Register the API key for the account, then the account itself, with the mocks.
            securityKeys.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
            users.AddUser(account);

            var service = new MfaAuthorizationService(persistence, users, securityKeys,
                                                      smsSender, emailSender, codeGenerator);

            // Login is MFA-protected and no code is supplied: expect a refusal.
            var firstAttempt = service.AuthorizeAccess(apiKey, loginSubscription.Item2, null);

            Assert.IsFalse(firstAttempt.Item1);
        }
Exemple #5
        // The expected-exception attribute below is disabled: despite the "ExceptionIsRaised" in
        // the method name, a mismatching MFA code is checked through the returned flag, not a throw.
        //[ExpectedException(typeof(InvalidOperationException))]
        public void MfaAuthorizationSubscribedFailtTest_ChecksThatExceptionIsRaisedWhenMfaCodesDontMatch_VerifiesByReturnValue()
        {
            // Collaborators are all in-memory mocks.
            var persistence   = new MockPersistenceRepository(false);
            var users         = new MockUserRepository();
            var emailSender   = new MockMfaEmailService();
            var smsSender     = new MockSmsService();
            var codeGenerator = new MockMfaCodeGenerationService();

            User account = new User("******", "asdf", "12345", "xyz", "*****@*****.**", Language.English,
                                    TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now,
                                    "Pakistan", "", "2233344", "1234");

            // Subscribe the account to MFA for the Login action only.
            var loginSubscription = new Tuple<string, string, bool>("LOG", "Login", true);
            IList<Tuple<string, string, bool>> subscriptions = new List<Tuple<string, string, bool>>
            {
                loginSubscription
            };
            account.AssignMfaSubscriptions(subscriptions);

            var securityKeys = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Register the API key for the account, then the account itself, with the mocks.
            securityKeys.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
            users.AddUser(account);

            var service = new MfaAuthorizationService(persistence, users, securityKeys,
                                                      smsSender, emailSender, codeGenerator);

            // First attempt carries no code: refused.
            var attempt = service.AuthorizeAccess(apiKey, loginSubscription.Item2, null);
            Assert.IsFalse(attempt.Item1);

            // Second attempt sends the account's stored code with one extra character, i.e. a
            // wrong code: refused as well.
            // NOTE(review): nothing asserts that account.MfaCode was actually populated by the
            // first call. If it were still null, the argument would be just "1" (assuming MfaCode
            // is a string) and this check would pass anyway; asserting the code is non-empty
            // first would make the mismatch check meaningful - confirm against the service.
            string wrongCode = account.MfaCode + "1";
            attempt = service.AuthorizeAccess(apiKey, loginSubscription.Item2, wrongCode);
            Assert.IsFalse(attempt.Item1);
        }